Period for Reply

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 
- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).

Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1)□ Responsive to communication(s) filed on 06 July 2004.
2a)D This action is FINAL. 2b)E3 This action is non-final.

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) E3 Claim(s) 1-19 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) S Claim(s) 1-19 is/are rejected. 

7) D Claim(s) 15 is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) ^ The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)^ accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a)D All b)D Some * c)D None of:

1. □ Certified copies of the priority documents have been received.

2. D Certified copies of the priority documents have been received in Application No. .

3. Q Copies of the certified copies of the priority documents have been received in this National Stage application from the International Bureau (PCT Rule 17.2(a)).

* See the attached detailed Office action for a list of the certified copies not received.



Attachment(s) 

1) ^ Notice of References Cited (PTO-892)

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948)

3) S Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08)
Paper No(s)/Mail Date 0311/2004 .

4) □ Interview Summary (PTO-413)
Paper No(s)/Mail Date. .

5) □ Notice of Informal Patent Application (PTO-152)

6) □ Other: .



U.S. Patent and Trademark Office 
PTOL-326 (Rev. 1-04) 



Office Action Summary 



Part of Paper No./Mail Date 1 



Application/Control Number: 09/900,496 
Art Unit: 2136 






DETAILED ACTION 



Specification 

1. The Specification is objected to because of the following informalities:

line 14 of page 4 "ach" should be "each"

line 10 of page 11 "TCI/IP" should be "TCP/IP"

lines 6 and 7 of page 11 refer to a co-pending patent application without listing the
application number and the inventors.

Appropriate correction is required.



Double Patenting 

2. The nonstatutory double patenting rejection is based on a judicially created
doctrine grounded in public policy (a policy reflected in the statute) so as to prevent the
unjustified or improper timewise extension of the "right to exclude" granted by a patent
and to prevent possible harassment by multiple assignees. See In re Goodman, 11
F.3d 1046, 29 USPQ2d 2010 (Fed. Cir. 1993); In re Longi, 759 F.2d 887, 225
USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 F.2d 937, 214 USPQ 761 (CCPA
1982); In re Vogel, 422 F.2d 438, 164 USPQ 619 (CCPA 1970); and, In re Thorington,
418 F.2d 528, 163 USPQ 644 (CCPA 1969).

A timely filed terminal disclaimer in compliance with 37 CFR 1.321(c) may be
used to overcome an actual or provisional rejection based on a nonstatutory double
patenting ground provided the conflicting application or patent is shown to be commonly
owned with this application. See 37 CFR 1.130(b).

Effective January 1, 1994, a registered attorney or agent of record may sign a 
terminal disclaimer. A terminal disclaimer signed by the assignee must fully comply with 
37 CFR 3.73(b). 



3. Claims 1-7, 12, 15 and 19-30 are provisionally rejected under the judicially
created doctrine of obviousness-type double patenting as being unpatentable over
claims 1-20 of copending Application No. 09900493. This is a provisional
obviousness-type double patenting rejection because the conflicting claims have not in
fact been patented.

4. As to claims 1, 12, 23 and 30 of this application, claim 1 of the '493 application is
a corresponding claim. Claims 1, 12, 23 and 30 of this application do not include the step
of authenticating the application data packet while claim 1 of the '493 application does.
It would have been obvious to one of ordinary skill in the art at the time the invention
was made to omit the authentication step based on the legal precedent that the
elimination of a step or an element and its function is obvious if the function is not
desired. Ex parte Wu, 10 USPQ 2031 (Bd. Pat. App. & Inter. 1989).

5. As to claims 5 and 7 of this application, claim 5 of the '493 application is a 
corresponding claim. 

6. As to claim 20 of this application, claim 3 of the '493 application is a 
corresponding claim. 

7. As to claim 21 of this application, claim 4 of the '493 application is a 
corresponding claim. 

As to the remaining claims, the reasons for this provisional rejection should be obvious 
from the discussion of the claims above and the similarity between the claims of the two 
applications. 




Claim Rejections - 35 USC §112 

8. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

9. Claim 13 recites the limitation "negotiation manager" in the first line. There is 
insufficient antecedent basis for this limitation in the claim. 



Claim Rejections - 35 USC § 102 

10. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

11. Claims 1-10 are rejected under 35 U.S.C. 102(e) as being anticipated by Jardin 
US (6,681,327). 

As to claims 1, 23 and 30: Jardin discloses a method for secure communications
between a client and one of a plurality of servers performed on an intermediary device
coupled to the client and said plurality of servers, comprising:

(a) establishing an open communications session between the intermediary
device and the client via an open network; (items 210, 220, 230 and 240 of FIG.
2; describes the "handshake" between the client and the server which is used to
start any SSL communication between the server and the client)

(b) negotiating a secure communications session with the client; (Col 6, lines
40-47)

(c) establishing an open communications session with said one of said plurality of
servers via a secure network; (Col 6, lines 40-47)

(d) receiving encrypted data from the client via the secure communications
session; (Col 6, line 67)

(e) decrypting encrypted application data; (Col 6, line 67)

(f) forwarding decrypted application data to the server via the secure network;
(Col 7, line 4)

(g) receiving application data from the server via the secure network; (Col 8,
lines 23-25)

(h) encrypting the application data; and (Col 6, lines 1-3 and items 250, 260 of
FIG. 2)

(i) sending encrypted application data to the client. (Col 8, lines 24-26)

(j) detecting a communications anomaly in a communications session between
the client and the intermediary device; and (Col 8, lines 31-35)

(k) passing TCP data from through the intermediary device. (Col 4, lines 37-43)

As to claim 2: Jardin discloses the method of claim 1 wherein said step (a) comprises
the sub steps of:

• receiving a request for a communications session from the client; (item 210 of
FIG. 2)

• responding to the request for a communications session in place of the server;
and (item 220 of FIG. 2)

• establishing a secure communications session between the client and the
intermediary device. (items 220, 230 and 240 of FIG. 2 describe the "handshake"
between the client and the server which is used to start any SSL communication
between the server and the client)

As to claim 3: Jardin discloses the method of claim 2 wherein said step of (a)
comprises:

• receiving a TCP SYN packet from a client and responding to the SYN packet with
appropriate responses as a proxy for the server. (Col 4, lines 39-41)

As to claim 4: Jardin discloses the method of claim 1 wherein said step of negotiating a
secure communications session comprises negotiating an SSL session with the client in
place of the server. (Col 6, lines 1-3)

As to claim 6: Jardin discloses the method of claim 1 wherein the step of forwarding
decrypted application data to said one of said plurality of servers comprises forwarding
unauthenticated application data. (Col 7, line 4)

As to claims 8 and 14: Jardin teaches the method of claim 1 wherein, prior to said step
establishing a communications session with one of said plurality of servers, the method
includes the step of:

• selecting one of said plurality of servers to forward said decrypted authentication 
data to based on a load-balancing algorithm. (Col 8, lines 27-67 through Col 9 
line 10; Jardin teaches different algorithms in his embodiments to balance the 
load on the plurality of servers) 

As to claim 9: Jardin discloses the method of claim 8 further including the step of:
tracking data passing between the client and said one of said plurality of servers. (Col 8,
lines 31-33)

As to claim 11: the method of claim 10 further including tracking, for each session, an
initialization vector. (Col 5, lines 16-26)

As to claim 12: Jardin discloses an apparatus coupled to a public network and a secure
network, communicating with at least one client via the public network and
communicating with one of a plurality of servers via the secure network, comprising:

• a network interface communicating with the public network and the secure
network; (Col 2, lines 57-65)

• at least one processor; (Col 6, lines 32-34)

• programmable dynamic memory addressable by the processor; ()

• a communications channel coupling the processor, memory and network
communications interface; (Col 2, lines 57-65)

• a proxy TCP communications engine; (Col 4, lines 34-36)

• a proxy SSL communications engine; (Col 4, lines 24-29)

• a server TCP communications engine; (Col 2, lines 54-65) and

• a packet data encryption and decryption engine. (Col 7, lines 29-32)

As to claim 13: Jardin discloses the apparatus of claim 12 wherein the negotiation
manager enables the apparatus as a TCP and SSL proxy for the server. (Col 4, lines
24-29)

As to claim 15: Jardin discloses the apparatus of claim 12 wherein the encryption and
decryption engine decrypts encrypted packet data to produce application
data. (Col 6, line 66 through Col 7, line 2)

As to claim 18: The apparatus of claim 16 further including a recovery manager using
said database to recover from communication errors. (Col 8, lines 27-41)

As to claim 19: Jardin discloses the apparatus of claim 12 wherein the packet data
encryption and decryption engine decrypts packets from SSL data which
spans over multiple TCP segments and forwards packet data to a server
which is not authenticated. (Col 7, line 4 and lines 44-45; the examiner deeming
the data spanning over multiple TCP segments to be inherent to any TCP/IP system,
which splits the application data packets into multiple TCP/IP packets to be transmitted
over the network.)

As to claim 20: Jardin discloses the apparatus of claim 19 wherein said data is not
buffered during decryption. (Col 3, lines 4-13 / in one embodiment the first server is
configured to decrypt contents of the data packet and re-direct the data packet)

As to claim 21: The apparatus of claim 19 wherein said data is buffered for a length
sufficient to complete a block cipher used to encrypt the data. (Col 2, line 65, through
Col 3, line 3 / the broker in the second embodiment has a dynamically allocated buffer)

As to claim 24: Jardin system discloses the method of claim 23 wherein the secure
communication is SSL protocol encrypted application data. (Col 4, lines 54-56)

As to claim 25: Jardin system discloses the method of claim 23 wherein said step of
receiving comprises the sub steps of initiating a communications session with the
enterprise and negotiating a secure communication session with the device. (items
210, 220, 230 and 240 of FIG. 2; describes the "handshake" between the client and the
server which is used to start any SSL communication between the server and the client)

As to claim 26: Jardin system discloses the method of claim 23 further including the
step of negotiating an open communication session with said at least one server of the
enterprise and wherein said step of forwarding includes forwarding decrypted data via
the open communication network. (Col 6, lines 40-47 and Col 7, line 4)

As to claim 27: Jardin discloses the method of claim 23 wherein said step of receiving 
communications includes receiving a plurality of secure communication sessions from a 
plurality of customers. (Col 4, lines 11-16) 

As to claim 28: Jardin discloses the method of claim 27 further including a step of
selecting one of a plurality of enterprise servers to which to direct data in said step of
forwarding said decrypted packet data. (Col 8, lines 27-67 through Col 9, line 10)

Claim Rejections - 35 USC § 103 

12. Claims 5 and 22 are rejected under 35 U.S.C. 103(a) as being unpatentable over
Jardin US (6,681,327) as applied to claim 1 above, and further in view of Narad US
(6,157,955).

As per claims 5 and 22: Jardin does not explicitly explain packet authentication. However,
Narad teaches the use and tracking of both a checksum (column 36, line 40, through
column 37, line 20) and a cryptographic key (column 27, lines 4-7) to verify the validity
of the data packet. Therefore, it would be obvious to a person of ordinary skill in the art
at the time the invention was made to modify the system of Jardin with the teaching of
Narad to authenticate received packets after the final packet in the data segment is
received. One would be motivated to do so in order to identify and discard packets that
have been altered or modified.

13. Claims 10, 11, 16 and 17 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Jardin US (6,681,327) as applied to claim 1 above, and further in
view of Abramson et al US (6,539,494).

As per claims 10, 11, 16 and 17: Jardin does not explicitly explain establishing a database
to track session information. However, Abramson et al teaches the use and tracking of a
session information database (column 1, line 62, through column 2, line 18) to recover
from communication errors. Therefore, it would be obvious to a person of ordinary skill
in the art at the time the invention was made to modify the system of Jardin with the
teaching of Abramson to back up and track session information in communication
between a client and a server. One would be motivated to do so in order to enable the
system to recover from communication failures transparently (Col 4, lines 55-67) and
reconstitute the session data into a new session without loss of data.

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Firas Alomari whose telephone number is (571) 272-7963.
The examiner can normally be reached on Mon-Fri.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, AYAZ SHEIKH can be reached on (571) 272-3795. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only.
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

Firas Alomari 
Examiner 
Art Unit 2136 

FA 




